The malware has been designated OSX/CoinThief.A, and it was originally distributed through apps called StealthBit and BitVanity on the open source developer site GitHub. It has now been found on Download.com in apps called Bitcoin Ticker TTM and Litecoin Ticker.

As a trojan, the malware relies on tricking the user into installing it by hiding behind a seemingly legitimate app. SecureMac said that the above-listed "apps" were designed to look like real software found on Apple's Mac App Store.

In this case, OSX/CoinThief.A installs a browser extension in Chrome, Safari, and Firefox that "spies on Web traffic to steal Bitcoins." By watching your Web-based traffic, the app looks for Bitcoin-related logins and passwords so that the bad guys can then use those logins to steal your Bitcoins.

The extension then communicates with a background process called com.google.softwareUpdateAgent, which in turn communicates with a remote server operated by the bad guys.

Take a screenshot of these instructions or print them out, and disconnect your system from the internet until you've verified that your system is clean.

Open Activity Monitor (located in your Utilities folder), and look for a process called "com.google.softwareUpdateAgent."

Note that this is a specific name that is currently known to be used by the malware.

Open Chrome, Safari, and Firefox (if installed on your system), and check for the presence of the "Pop-Up Blocker" extension.

If you see either the "com.google.softwareUpdateAgent" process or the browser extensions, continue on to the removal instructions.
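The two checks above can also be run from the Terminal. The script below is an added example, not part of SecureMac's instructions: it looks for the process name in the output of `ps` and for a Chrome extension whose manifest is named "Pop-Up Blocker". The helper name `report_indicators`, the Chrome data directory, and the assumption that the manifest stores the display name literally are this example's own; Safari and Firefox still need the manual check.

```shell
#!/bin/sh
# Added example: read-only check for the two indicators named in the article.
PROC_NAME="com.google.softwareUpdateAgent"   # process name given in the article
EXT_NAME="Pop-Up Blocker"                    # extension name given in the article

# report_indicators CHROME_DIR   (hypothetical helper; process listing on stdin)
# Prints "PROCESS <name>" if the process name appears in the listing, and
# "EXTENSION <path>" for every manifest.json under CHROME_DIR whose "name"
# field is exactly the extension name. Prints nothing when neither is found.
report_indicators() {
    if grep -F -q -- "$PROC_NAME"; then
        echo "PROCESS $PROC_NAME"
    fi
    if [ -d "$1" ]; then
        find "$1" -type f -name manifest.json \
            -exec grep -l -E "\"name\"[[:space:]]*:[[:space:]]*\"$EXT_NAME\"" {} + |
            sed 's/^/EXTENSION /'
    fi
    return 0
}

# Assumption: Chrome keeps its profiles under this directory on OS X.
CHROME_DIR="${HOME:-}/Library/Application Support/Google/Chrome"

# Live check: "ps -axo comm" lists the command of every running process.
result=$(ps -axo comm 2>/dev/null | report_indicators "$CHROME_DIR")
if [ -n "$result" ]; then
    printf '%s\n' "$result"
    echo "Indicator found: continue on to the removal instructions."
else
    echo "Neither indicator found; check Safari and Firefox by hand."
fi
```

The script only reads the process list and extension manifests; it changes nothing on disk.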

And, the instructions for removing it:

To manually remove the malware from your system:

Manual removal is going to require entering a few terminal commands. The commands must be entered exactly as they are listed below, so copy and paste them in if need be.

Before entering the terminal commands, delete the apps from your system (BitVanity, StealthBit, Bitcoin Ticker TTM, or Litecoin Ticker) by dragging them to the Trash and emptying the Trash. Make sure to quit the apps before attempting to delete them.

Open the Terminal (located in your Utilities folder), and type the following command:

Press the return key after entering the command. This command will unload the launchd task, and stop the malware from constantly running in the background. If you see a message stating "No such file or directory, nothing found to unload," the launchd task was not loaded on your system.

Next, you're going to enter a command to unhide the malware file itself, and move it to your Desktop. From there, you will manually drag it to the Trash. This will serve to avoid accidentally removing the wrong file. Type the following command, again pressing the return key after entering the command: